CVE-2009-3107 Information

Description

Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service.

Reference

http://secunia.com/advisories/36502 http://www.securityfocus.com/bid/36110 http://www.securitytracker.com/id?1022779 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00